f565dfdb15
Some checks failed
CI / go-lint (pull_request) Failing after 17s
CI / python-lint (pull_request) Failing after 12s
CI / nodejs-lint (pull_request) Failing after 7s
CI / test-go-consent (pull_request) Failing after 11s
CI / test-python-voice (pull_request) Failing after 11s
CI / test-bqas (pull_request) Failing after 11s
CI / Deploy (pull_request) Has been skipped
Implement a complete investor access system for the pitch deck: - Passwordless magic link auth (jose JWT + nodemailer SMTP) - Per-investor audit logging (slide views, assumption changes, chat) - Financial model snapshot persistence (auto-save/restore per investor) - PWA support (manifest, service worker, offline caching, icons) - Security safeguards (watermark overlay, rate limiting, anti-scraping headers, content protection, single-session enforcement) - Admin API for invite/revoke/audit-log management - Integrated into docker-compose.coolify.yml for production deployment Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
53 lines
1.5 KiB
TypeScript
53 lines
1.5 KiB
TypeScript
interface RateLimitEntry {
|
|
count: number
|
|
resetAt: number
|
|
}
|
|
|
|
const store = new Map<string, RateLimitEntry>()
|
|
|
|
// Cleanup stale entries every 60 seconds
|
|
setInterval(() => {
|
|
const now = Date.now()
|
|
for (const [key, entry] of store) {
|
|
if (entry.resetAt <= now) store.delete(key)
|
|
}
|
|
}, 60_000)
|
|
|
|
export interface RateLimitConfig {
|
|
/** Max requests in the window */
|
|
limit: number
|
|
/** Window size in seconds */
|
|
windowSec: number
|
|
}
|
|
|
|
export interface RateLimitResult {
|
|
allowed: boolean
|
|
remaining: number
|
|
resetAt: number
|
|
}
|
|
|
|
export function checkRateLimit(key: string, config: RateLimitConfig): RateLimitResult {
|
|
const now = Date.now()
|
|
const entry = store.get(key)
|
|
|
|
if (!entry || entry.resetAt <= now) {
|
|
store.set(key, { count: 1, resetAt: now + config.windowSec * 1000 })
|
|
return { allowed: true, remaining: config.limit - 1, resetAt: now + config.windowSec * 1000 }
|
|
}
|
|
|
|
if (entry.count >= config.limit) {
|
|
return { allowed: false, remaining: 0, resetAt: entry.resetAt }
|
|
}
|
|
|
|
entry.count++
|
|
return { allowed: true, remaining: config.limit - entry.count, resetAt: entry.resetAt }
|
|
}
|
|
|
|
// Preset configurations
|
|
export const RATE_LIMITS = {
|
|
magicLink: { limit: 3, windowSec: 3600 } as RateLimitConfig, // 3 per email per hour
|
|
authVerify: { limit: 10, windowSec: 900 } as RateLimitConfig, // 10 per IP per 15min
|
|
api: { limit: 60, windowSec: 60 } as RateLimitConfig, // 60 per session per minute
|
|
chat: { limit: 20, windowSec: 60 } as RateLimitConfig, // 20 per session per minute
|
|
} as const
|